CVE-2026-53817
Published: 2026-06-11 · Last updated: 2026-06-11
Severity and scoring
- CVSS: 8.8 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-290
Description
OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert temporary shared access into persistent administrative credentials that survive token rotation.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-53811 — OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts... (8.8 HIGH)
- CVE-2026-6090 — A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute... (7.0 HIGH)
- CVE-2026-48567 — Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network (10.0 CRITICAL)
- CVE-2026-11019 — Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised... (6.5 MEDIUM)
- CVE-2026-11001 — Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage... (6.5 MEDIUM)